Regarding the type of login problems, Art_of_camelot made a thread about it and he had the same symptoms as I had, it just hangs on the loading part. It may only happen on the first login after the security update was deployed, it happened on my first login after the update and he created the thread 5 minutes after that. I do not know if it was his first login after the security update, one might need to ask him if one wants to investigate in this direction further. I did look at what I POST to the server on login and besides some 20kb hashed_paswd in the form, where I do not know where it comes from, I noticed nothing out of the ordinary and had no problems ever besides the one time after the security update. Ah well, good luck.

And hopefully unrelated, I got this email directing me to this thread:

The Sorunome mention bug is known. It's a problem on the user mention mod's side when we @mention/!call multiple people at once in one post. You would need to report it to the original author on SMF forums.

As for the login loading taking forever, I have the same problem happening on Omnimaga until about the third try. On CW it never happened to me, but logging in takes a long while (up to 10 seconds sometimes). This is definitively something that Soru needs to fix.

If it becomes too much of an issue or hinders our activity, then we might need to revert the changes and ditch this mod, at the cost of lowered security, and if security becomes a problem, then we could just require everyone to login via Reddit, Facebook, Github, Google or something like that until SMF 2.1 comes out.

Oh, that could be an idea. Just as long as it doesn't require the regular users to do something special, because contacting 400 members to ensure that they do it doesn't mean all of them will get the message.

Yeah I am refering more to how we should avoid going the same route as the topic ID changes controversy , where no automated fix (eg a redirect or admins updating everyone's sigs) was available, thus, forcing thousands of people to manually fix their stuff themselves.

>implying it isn't already optionalYou just need to find where to set $context['disable_login_hashing'] in the admin pannel XD

EDIT: also

Quote

<Sorunome> what might help is going into Subs-Auth.php search for the function getRSAValue (probably close to bottom), search for $smcFunc['db_query']('','DELETE FROM {db_prefix}rsa_keys WHERE ts < (NOW() - INTERVAL 1 MINUTE)'); and amke that to like 5 mins or so